Hi,

Yes, it is possible. From the connector configuration doc:

    clientAuth: Set this value to true if you want Tomcat to require all SSL clients to present a client Certificate in order to use this socket. Set this value to want if you want Tomcat to request a client Certificate, but not fail if one isn't presented.

So in your configuration, change clientAuth="false" to clientAuth="want" and the connector will accept the connection whether there is a certificate or not. But don't forget that

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
    </login-config>

means access to /html/* will be refused to users not presenting a certificate. (They can still access other webapps in Tomcat if those have a login-config not based on certificates, and they can also browse over SSL the non-restricted area of the client-cert based webapp.)

For sensitive areas, you might also be interested in adding, in particular for basic authentication based webapps:

    ...
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

On Wednesday 01 February 2006 17:55, Markus wrote:
> Creating client certs is no problem, I already had client
> authentication working on the Connector-Level.
>
> Nick:
> In other words: it is NOT possible in tomcat to have a webapp with
> BOTH, a private part with ssl AND client authentication and a public
> part with ssl but WITHOUT client authentication?
>
> That would be sad.
>
> Markus

--
David Delbecq
Royal Meteorological Institute of Belgium